symat commented on PR #1866: URL: https://github.com/apache/zookeeper/pull/1866#issuecomment-1129111590
> sorry,it should be CVE-2022-22965 actually CVE-2022-22965 is about Spring (and we don't use Spring in ZooKeeper). I think the CVE you are looking for is CVE-2022-24823. At lease when I run the CVE check on the current master branch, this is the only CVE it finds and it is indeed fixed with netty update. I'll update the title accordingly -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@zookeeper.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
